This article briefly discusses what you need to define to turn on external security, when to do it, and how to code the level of security used for each Datacom system at your site.
You will have to set up the System Resource Class, DTSYSTEM (or [email protected] in RACF) in either CA ACF2, CA Top Secret, or IBM's RACF. This resource class is the key to turning on external security for Datacom products, features and data. It is identified by the internal CXX name. To determine the internal CXX name, review the Datacom started task JESLOG message - DB00201I MULTI-USER ENABLED CXX=cxxname. DTSYSTEM is used for level checking and identifies the product, feature, table or view being protected. This resource class should be the LAST resource class you define.
To activate external security, you must ALLOW access to one of the access-level .PASS definitions described below and DENY access to the equivalent-level .FAIL definition for the userID that brings up the Datacom started task. To deactivate external security, reverse this by DENYing access to the .PASS definition and ALLOWing access to the .FAIL definition.
When Datacom is brought up (or Multi-User is enabled), there is an internal call made to the external security product to determine:
ACTIVATE.LEVEL05.PASS 10 Table Resource Classes and DataQuery security. ACTIVATE.LEVEL05.FAIL
ACTIVATE.LEVEL04.PASS 10 Table Resource Classes and view security. ACTIVATE.LEVEL04.FAIL
ACTIVATE.LEVEL03.PASS 10 Table Resource Classes and expanded path security. ACTIVATE.LEVEL03.FAIL
ACTIVATE.LEVEL02.PASS DTTABLE and DXTABLE Table Resource Classes for record-at-a-time and SQL access. ACTIVATE.LEVEL02.FAIL
ACTIVATE.LEVEL01.PASS DTTABLE Table Resource Class only for record-at-a-time access. ACTIVATE.LEVEL01.FAIL
Because this level of security turns on external security, ensure that all the access definitions are defined before you turn on external security.
After all resources have been defined and all permissions have either been allowed or denied to these resources, you can confirm that external security is activated by looking for the following Datacom message in your Datacom JESLOG or LISTLOG: DB00220I External Security is active...
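The check described above can be scripted. The following is an added example, not code from this article or from the vendor: it reads the two messages the article names (DB00201I and DB00220I) from job log lines and compares them with the ALLOW/DENY pairing on the .PASS and .FAIL definitions. The permission dictionary layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Message IDs and texts are the two quoted in the article; matching is loose on spacing.
CXX_RE = re.compile(r"DB00201I\b.*?CXX=([^\s,]+)")
ACTIVE_RE = re.compile(r"DB00220I\b.*External Security is active", re.IGNORECASE)
LEVELS = ("01", "02", "03", "04", "05")

def scan_joblog(lines):
    """Return (internal CXX name or None, True if DB00220I was seen)."""
    cxx, confirmed = None, False
    for line in lines:
        m = CXX_RE.search(line)
        if m:
            cxx = m.group(1)
        confirmed = confirmed or bool(ACTIVE_RE.search(line))
    return cxx, confirmed

def check_permissions(perms):
    """perms: {'ACTIVATE.LEVELnn.PASS' or '.FAIL': 'ALLOW' | 'DENY'} for the
    started-task userID (hypothetical export format). Returns (state, level)."""
    on, odd = [], []
    for lvl in LEVELS:
        pair = (perms.get(f"ACTIVATE.LEVEL{lvl}.PASS"),
                perms.get(f"ACTIVATE.LEVEL{lvl}.FAIL"))
        if pair == ("ALLOW", "DENY"):
            on.append(lvl)            # the article's "activate" pattern
        elif pair not in (("DENY", "ALLOW"), (None, None)):
            odd.append(lvl)           # half-defined or same answer on both
    if odd or len(on) > 1:
        return ("inconsistent", None) # not a state the article describes
    return ("active", on[0]) if on else ("inactive", None)

def audit(lines, perms):
    """Cross-check intended state (permissions) against observed state (log)."""
    cxx, confirmed = scan_joblog(lines)
    state, level = check_permissions(perms)
    agrees = state != "inconsistent" and (state == "active") == confirmed
    return {"cxx": cxx, "state": state, "level": level, "log_agrees": agrees}

# Constructed sample data, not taken from a real system.
SAMPLE_LOG = [
    "08.15.01 STC01234  DB00201I MULTI-USER ENABLED CXX=PRODCXX",
    "08.15.02 STC01234  DB00220I External Security is active",
]
SAMPLE_PERMS = {"ACTIVATE.LEVEL05.PASS": "ALLOW", "ACTIVATE.LEVEL05.FAIL": "DENY"}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, SAMPLE_PERMS))
```

A result with `log_agrees` set to False means the permissions and the started task's log disagree, which is worth resolving before relying on external security being in force.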